From ff0c2e662d241f96567196c67f20785422f113bb Mon Sep 17 00:00:00 2001
From: Frode Nordahl
Date: Sun, 31 Dec 2023 07:13:21 +0100
Subject: [PATCH] vault: Allow consecutive invocations of auto_initialize

The vault charm will expect the ``force`` parameter to be set to 'true' on consecutive runs of the ``get-csr`` or ``regenerate-intermediate-ca`` actions.
---
 zaza/openstack/charm_tests/vault/setup.py | 4 ++++
 zaza/openstack/charm_tests/vault/utils.py | 9 +++++++--
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/zaza/openstack/charm_tests/vault/setup.py b/zaza/openstack/charm_tests/vault/setup.py
index 05e8cc547..74b14ec63 100644
--- a/zaza/openstack/charm_tests/vault/setup.py
+++ b/zaza/openstack/charm_tests/vault/setup.py
@@ -162,6 +162,10 @@ def auto_initialize(cacert=None, validation_application='keystone', wait=True,
 basic_setup(cacert=cacert, unseal_and_authorize=True)
 action = vault_utils.run_get_csr()
+ if 'output' not in action.data['results']:
+ logging.warning("Running 'get-csr' action with force, "
+ "vault already initialized?")
+ action = vault_utils.run_get_csr(force=True)
 intermediate_csr = action.data['results']['output']
 (cakey, cacertificate) = zaza.openstack.utilities.cert.generate_cert(
 'DivineAuthority',
diff --git a/zaza/openstack/charm_tests/vault/utils.py b/zaza/openstack/charm_tests/vault/utils.py
index 72cbac413..464095708 100644
--- a/zaza/openstack/charm_tests/vault/utils.py
+++ b/zaza/openstack/charm_tests/vault/utils.py
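Review bot: In the setup.py hunk, `action.data['results']['output']` is still read unchecked after the forced retry, so a second `get-csr` run that also returns no `output` ends in a bare KeyError instead of the action's own error. The `'output' not in` test also treats every failed first run as "vault already initialized" and answers it with `force=True`, which the utils.py docstring describes as regenerating the intermediate CA. Checking the action's status or message before forcing would avoid replacing a CA because of an unrelated failure, though what the charm returns in that case is not visible here. After the retry I would add `if 'output' not in action.data['results']: raise RuntimeError("get-csr returned no CSR: {}".format(action.data))`. auto_initialize starts before and continues past this hunk.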
@@ -474,18 +474,23 @@ def run_charm_authorize(token):
 action_params={'token': token})
-def run_get_csr():
+def run_get_csr(force=None):
 """Retrieve CSR from vault.
 Run vault charm action to retrieve CSR from vault.
+ :param force: Force regeneration of intermediate ca.
+ :type force: Optional[bool]
 :returns: Action object
 :rtype: juju.action.Action
 """
+ action_params={}
+ if force is not None:
+ action_params.update({'force': force})
 return zaza.model.run_action_on_leader(
 'vault',
 'get-csr',
- action_params={})
+ action_params=action_params)
 def run_upload_signed_csr(pem, root_ca, allowed_domains):
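Review bot: The new assignment `action_params={}` in run_get_csr has no spaces around `=`, which pycodestyle reports as E225 and which reads like a keyword argument. `action_params = {}` fixes that, or the three added lines collapse to `action_params = {} if force is None else {'force': force}`. The docstring could also say that `None` omits the parameter and what forcing costs, e.g. `:param force: Passed to the action as 'force'; None omits it. Forcing regenerates the intermediate CA.` How the Python bool becomes the 'true' the commit message mentions is not visible in this hunk.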